A hacker posted a video disclosing ways of getting free in-app purchases, exploiting iOS's vulnerability.
According to The Next Web, Apple has sent out a number of take-down requests for content associated with the Russian hacker, Alexey V. Borodin, who is also known by his YouTube account name ZonD80.
The hack worked on iOS versions 3.0 and up, on any iOS device that could run those versions. In the video the hacker used an iPhone 4S running iOS 6. According to Borodin, you only need to install two security certificates as well as change your DNS settings and you will be set to steal in-app purchases.
Apple has been trying hard to pin down the hacker and as expected has voided the video uploaded on YouTube with the tutorial. Apple has also blocked the hacker's website In-App.com, which served as a way for him to accept donations from users worldwide for his work.
But despite all the efforts by Apple, Borodin has moved his operation outside the restrictions laid out by Apple and this time he has also managed to allow users to get in-app purchases without the need of logging in to their iTunes account. Borodin has also posted a video in response to Apple's action, named "Reply to apple. IN-APP PURCHASES ARE STILL FREE AND REQUIRE NO JAILBREAK".
You might like this